|Published Date : 31 May 2018
Last Updated : 20 Sep 2022
Content Ref: TEC6276129
When signing in to an RM Unify federated Microsoft® 365™ domain, either via the Microsoft® portal (https://login.microsoftonline.com/), or by clicking a Microsoft 365 tile from the RM Unify Launch Pad, you see two additional Microsoft messages:
- "Additional info required. Your administrator requires you to add additional security info to help you recover your account [Next]".
- "don't lose access to your account!
To make sure you can reset your password, we need to collect some info so we can verify who you are. We won't use this to spam you - just to keep your account more secure. You'll need to set up at least 2 of the options below.
Authentication Phone is not configured. Set it up now
Security Questions are not configured. Set them up now".
These additional screens appear to end users when the self-service password reset functionality has been enabled within Azure Active Directory in your Microsoft 365 tenancy. This is a tenancy level setting and will apply to all domains in your tenancy, both federated domains and unfederated domains.
For RM Unify federated Microsoft 365 domains, it is not possible for users to use the Microsoft self-service password reset functionality (SSPR). RM Unify handles user authentication for Microsoft 365 and utilises its own password recovery functionality.
If you wish to disable SSPR on all domains in your tenancy, please follow procedure 1 below. If you wish to leave SSPR enabled for some or all users on unfederated domains, please follow procedure 2 below.
|1. To disable the self-service password reset functionality for the entire tenancy|
To disable the password reset functionality, which is redundant if you have Microsoft 365 federated to RM Unify, please perform the following:
- Log on to Microsoft 365 as a global administrator and navigate to the 'Microsoft 365 admin center'.
- From the left-hand side, under Settings, select Org settings.
- In the right-hand side pane, under 'Security & privacy', click the 'Self-service password reset' link
- In the 'Azure Active Directory admin center' window, on the left-hand side, select Users, 'Password reset'.
- Change the 'Self service password reset enabled' option to None.
- Click Save.
- Note the information box advising that this setting only applies to end users. M365 admins are always enabled for self-service password reset.
|2. To enable the self-service password reset functionality for only selected users in your tenancy|
Use this procedure to allow self-service password reset functionality for only the unfederated users in your Microsoft 365 tenancy:
- Log on as a global admin and access the 'Microsoft 365 admin center'.
- From 'Teams & groups', create a security group called SSPR Enabled.
- From Users, bulk select the users you want to add to the security group.
Note: You may find using the filter feature helpful in returning multiple users from a specific domain.
- From the toolbar, click the three dots and select 'Manage groups'.
- In 'Group memberships', type SSPR Enabled.
- Tick the group and click 'Save changes'.
- Navigate to the 'Password reset properties' page in Azure Active Directory.
- Click Selected, then search for and select the SSPR Enabled group created above.
- Click 'Save changes'.
If this article has not helped provide a solution then it is also possible to
log a call...
Document Keywords: o365, signin, sign-in, prompt, authentication, window, recovery, m365, TEC6276129